[prev in list] [next in list] [prev in thread] [next in thread]
List: jakarta-commons-user
Subject: Is Commons File Upload FileItem.getName() Vulnerable for "Tainted filename read"?
From: Thusitha Thilina Dayaratne <thusithathilina () gmail ! com>
Date: 2016-08-16 4:42:31
Message-ID: CANVncXD4JYqM9drAU9mxo5qAUqa+yTW=PSCTfrkDUOPEJaD55g () mail ! gmail ! com
[Download RAW message or body]
Hi,
I did a findsecuritybug scan for one of my project which uses
commons-fileupload. There tool report that below code segment is suspicious
for Tainted filename read.
String fileName = item.getName()
Could someone tell me whether Is there a protection against that from
commons-fileupload implementation itself? Or users have to manually check
validated the file name?
Thanks
Thusitha
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic